
Research On Attack Techniques And Defense Strategies For Federated Learning

Posted on: 2022-05-06
Degree: Master
Type: Thesis
Country: China
Candidate: D W Chen
Full Text: PDF
GTID: 2568307070952979
Subject: Software engineering
Abstract/Summary:
In recent years, with the construction of cloud computing platforms and the optimization of GPUs and other hardware, the ability of deep learning to extract features from huge volumes of user data and to move data in distributed scenarios has improved significantly. However, as user privacy leaks continue to occur, many countries have introduced laws regulating the use of private user data, making it harder for deep learning models to obtain training data. To address the security of private user data in distributed scenarios, researchers proposed a landmark distributed deep learning framework: federated learning. Federated learning lets users take part in collaborative model training while their data never leaves the local device, which preserves data privacy, solves the "data islands" problem at the technical level, and makes it possible to optimize deep learning models in distributed environments; it is widely used in edge computing, cancer prediction, loan-status prediction and other fields. However, studies have shown that federated learning is inherently vulnerable to active attacks by participants, such as backdoor and poisoning attacks: an attacker uploads tampered model parameters and thereby directly or indirectly degrades the classification performance of the global model. This thesis focuses on attack techniques and defense strategies within the federated learning framework, specifically backdoor attacks and poisoning attacks:

(1) For backdoor attacks, this thesis proposes a new federated learning backdoor attack based on Generative Adversarial Networks (GAN) that exploits the distributed, parallel computation of federated learning. The scheme uses a GAN to improve on the traditional way of generating backdoor triggers, making the trigger harder to detect. At the same time, model scaling is applied to the parameters of the backdoor model so that its contribution is not cancelled out during server-side parameter aggregation, which improves the convergence rate of the backdoor model and the attack success rate. The thesis also examines experimentally the main factors in backdoor attacks and identifies the core elements that affect the attack success rate. Experimental results show that the proposed scheme reaches a higher attack success rate in fewer training rounds than the traditional backdoor attack scheme, and achieves 100% on the MNIST dataset.

(2) For poisoning attacks, this thesis proposes a new defense strategy for federated learning based on global server-side parameter aggregation. The scheme first constructs a poisoning attacker model targeting weaknesses in the federated learning process, launching a label-flipping attack that lowers the accuracy of honest users' training. Second, an auxiliary training set is reconstructed with a generative adversarial network, and the basic statistical heterogeneity between the exposed feature distribution and the remaining natural adversarial perturbations is used to classify this auxiliary set. Finally, the global model is retrained on the auxiliary training set to neutralize the effect of the poisoning attack. Theoretical analysis and experimental results show that the proposed scheme effectively resists poisoning attacks and allows users to train models accurately and efficiently.

(3) Based on key underlying technologies such as TensorFlow and PaddlePaddle, with Python 3 as the execution environment, a demonstration platform is designed and developed that modularizes the training process of federated learning models and simplifies the construction of federated learning projects. It also integrates the attack technique from Chapter 3 and the defense strategy from Chapter 4 to visualize model training and the results of attacks and defenses.
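The model-scaling step in part (1) depends on how FedAvg weights each client's contribution. The following is an added example, not code from the thesis or its demonstration platform. It assumes plain FedAvg with a server learning rate ETA and N clients per round, flat float vectors as models, and a single attacker who knows N and ETA; the names N, ETA, fedavg, scaled_update and run_round are hypothetical, and the benign client drifts are constructed. It shows the backdoor delta being diluted by the averaging step, and the global model landing exactly on the attacker's model once the delta is scaled by n/eta.

```python
# Added example (not from the thesis): how a backdoor update is diluted by
# FedAvg aggregation and how "model scaling" compensates for that dilution.
# Assumptions: plain FedAvg with a server learning rate ETA and N clients
# per round; models are flat float vectors; the attacker controls one
# client and knows N and ETA. All names here are hypothetical.
import math
from typing import List, Sequence

Vec = List[float]

N = 10      # clients aggregated per round (assumed)
ETA = 1.0   # server-side learning rate (assumed)


def vadd(a: Vec, b: Vec) -> Vec:
    return [x + y for x, y in zip(a, b)]


def vsub(a: Vec, b: Vec) -> Vec:
    return [x - y for x, y in zip(a, b)]


def vscale(a: Vec, s: float) -> Vec:
    return [s * x for x in a]


def l2(a: Vec) -> float:
    return math.sqrt(sum(x * x for x in a))


def fedavg(global_model: Vec, local_models: Sequence[Vec], eta: float = ETA) -> Vec:
    """Server step: G_{t+1} = G_t + (eta / n) * sum_i (L_i - G_t)."""
    n = len(local_models)
    total = [0.0] * len(global_model)
    for local in local_models:
        total = vadd(total, vsub(local, global_model))
    return vadd(global_model, vscale(total, eta / n))


def scaled_update(global_model: Vec, backdoored: Vec, n: int, eta: float) -> Vec:
    """Attacker's submission: scale the backdoor delta by gamma = n / eta so
    that, after the server divides by n and multiplies by eta, the global
    model lands on the backdoored model (assuming benign deltas cancel)."""
    gamma = n / eta
    return vadd(global_model, vscale(vsub(backdoored, global_model), gamma))


def benign_models(global_model: Vec, count: int) -> List[Vec]:
    """Constructed benign clients: small deterministic drifts whose sum is
    zero, standing in for honest updates that roughly cancel in aggregate."""
    centre = (count - 1) / 2.0
    return [[g + 0.01 * (i - centre) for g in global_model] for i in range(count)]


def run_round(scale: bool) -> dict:
    """One aggregation round with N-1 benign clients and one attacker.
    Returns the new global model plus the attacker/benign update norms so
    the effect (and the cost) of scaling can be checked."""
    g = [0.0, 0.0, 0.0]            # current global model (constructed)
    x = [1.0, -1.0, 0.5]           # attacker's backdoored model (constructed)
    benign = benign_models(g, N - 1)
    attacker = scaled_update(g, x, N, ETA) if scale else x
    new_global = fedavg(g, benign + [attacker], ETA)
    return {
        "global": new_global,
        "target": x,
        "attacker_norm": l2(vsub(attacker, g)),
        "max_benign_norm": max(l2(vsub(b, g)) for b in benign),
    }


def distance(a: Vec, b: Vec) -> float:
    return l2(vsub(a, b))


if __name__ == "__main__":
    for scale in (False, True):
        r = run_round(scale)
        print(f"scaled={scale}: global={r['global']}, "
              f"dist_to_backdoor={distance(r['global'], r['target']):.3f}, "
              f"attacker_norm={r['attacker_norm']:.3f}, "
              f"max_benign_norm={r['max_benign_norm']:.3f}")
```

Without scaling the backdoored model survives only as one tenth of itself after averaging; with the n/eta factor the global model equals it after a single round, which is the "fewer rounds" effect part (1) describes. The cost is visible in the returned norms: the scaled submission has an L2 norm two orders of magnitude above any benign update in this setting, so an aggregator that records per-client update norms can see it, and in practice the scaling factor is bounded by whatever anomaly checks the server applies. The zero-sum benign drift is constructed; with real clients the cancellation is only approximate.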
Keywords/Search Tags:Deep learning, federated learning, generative adversarial network, backdoor attack, poisoning attack